NSF Pumps $20 Million into Cybersecurity Research Projects

The National Science Foundation (NSF) has granted Frontier awards totalling nearly $20 million to three multi-university research projects that seek to develop technical solutions to improve computer security.

The Frontier awards, which are funded through NSF's interdisciplinary Secure and Trustworthy Cyberspace (SaTC) program, are intended to support collaborative research and education projects to help secure technology infrastructure and protect information.

The "Enabling trustworthy cybersystems for health and wellness" project will look for ways to secure sensitive health-related information in an environment of mobile devices and cloud-based services. The researchers aim to develop usable authentication and privacy tools, trustworthy control of medical devices, and effective methods to detect malware, compute trust metrics, and audit medical information systems and networks. They will also create courses and sponsor summer programs for undergraduate and K-12 students and develop an exchange program for postdoctoral fellows and research students.

"Our research is motivated by the rapid deployment of mobile and cloud information technologies in healthcare, both in clinical settings and at home," said David Kotz, the Champion International Professor of Computer Science at Dartmouth, in a prepared statement. "We aim to help these technologies reach their full potential by ensuring they can protect the integrity of medical data and the privacy of patient information."

The "Rethinking security in the era of cloud computing" project will work to advance computer security in cloud computing environments. Researchers will develop new and improved solutions for unified authentication and authorization and auditing across diverse services; effective monitoring and diagnosis for security management of services, networks, data centers, and users; and pervasive encryption to, from, and within the cloud.

"The vast majority of cloud-related research in the computer security research community casts the move to cloud computing as intensifying the threats to which data and services are vulnerable," said Mike Reiter, the Lawrence M. Slifkin Distinguished Professor of Computer Science at the University of North Carolina, in a prepared statement. "Instead, we see new opportunities for improving security of data and services by moving them to the cloud, and we plan on pursuing an aggressive research agenda to realize these opportunities."

The "Towards effective Web privacy notice and choice: a multi-disciplinary perspective" project will research how to improve the usability of privacy policies. Most people don't read the privacy policies of the Web sites they use, and people who do often struggle to understand them. Researchers will develop technologies to semi-automatically extract key privacy policy features from Web site privacy policies and present the information to users in a way that helps them make more informed decisions about the Web sites they use and work with companies to support the large-scale deployment of these technologies. Researchers will also identify trends and deficiencies in the wording and content of Web site privacy policies.

"If you read privacy notices, you quickly realize that they contain a lot of boilerplate text and that people seem to often be recycling entire sentences and even larger text fragments from one another," said Norman Sadeh, a computer science professor at Carnegie Mellon University, in a prepared statement. "This project will aim to exploit these types of patterns."

About the Author

Leila Meyer is a technology writer based in British Columbia. She can be reached at leilameyer@gmail.com.